漏洞信息
An integer overflow in the Linux netfilter implementation.
It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred.
A use-after-free existed in the percpu allocator in the Linux kernel.
An information leak in the netlink implementation of the Linux kernel.
漏洞危害
On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3135)
A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470)
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-4794)
A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-5243)
解决方案
Refer to Ubuntu advisory USN-3055-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3055-1: 16.04 (Xenial) on src (linux-image-4.4.0-34-lowlatency)
USN-3055-1: 16.04 (Xenial) on src (linux-image-4.4.0-34-powerpc64-emb)
USN-3055-1: 16.04 (Xenial) on src (linux-image-4.4.0-34-generic-lpae)
USN-3055-1: 16.04 (Xenial) on src (linux-image-4.4.0-34-generic)
USN-3055-1: 16.04 (Xenial) on src (linux-image-4.4.0-34-powerpc64-smp)
USN-3055-1: 16.04 (Xenial) on src (linux-image-4.4.0-34-powerpc-e500mc)
USN-3055-1: 16.04 (Xenial) on src (linux-image-4.4.0-34-powerpc-smp)
0day
文章评论